Spectre and Meltdown: Powerful Reminders of Side Channel Attacks

Side channel attacks came to attention earlier this year when security researchers announced the discovery of Meltdown and Spectre, affecting a large swath of systems and software. However, these are only two very specific attacks in a general class of attacks known as side channel attacks.

Side Channel Attacks
A side channel attack is a way to extract sensitive information from a system by some means other than the intended input and output channels; that alternative means is the side channel. A conventional attack on the security of a digital system might work by supplying malicious input that results in sensitive data being included with the output.

As an example, this could be due to a logical error in the implementation of the system. In contrast, a side channel attack might look at a property, such as the system response time, and determine secret information based on changes in this property.

The sensitive information gleaned by a side channel attack is known as side channel leakage. Side channel leakage can take many forms, including: variation in the time taken by the system to process different inputs, variation in the electrical activity of a circuit when processing different inputs, electromagnetic emissions from a circuit, and sound emitted from a cryptographic device.

In addition to observing side channel leakage, the attacker may supply the system with chosen inputs or otherwise tamper with the operation of the system to maximize the utility of the leakage.

The threat of side channel attacks becomes even more prominent in the context of cloud computing. The primary concern in cloud computing revolves around side channels that exist in hardware shared by co-resident virtual machines or processes.

Most proof-of-concept side channel attacks in a cloud environment infer secrets based on changes to shared hardware caches. The caches are part of the CPU’s memory subsystem, so these attacks are classified as using a memory side channel.

Spectre and Meltdown
Many organizations had a recent experience with side channel attacks when security researchers announced the discovery of Meltdown and Spectre. Meltdown and Spectre are side channel vulnerabilities affecting the CPU, arising from the speculative execution functionality in modern high-performance CPUs.

Unlike early CPUs, which executed a sequence of machine instructions one by one, modern CPUs may begin processing subsequent instructions while a previous instruction is still in flight. If the previous instruction fails, the CPU must ensure that the machine state exposed to software does not reflect any effects of the subsequent instructions it had already begun executing.

The Meltdown and Spectre vulnerabilities emerged because a process can cause the CPU to speculatively access data that the process should not have access to. The CPU will not expose the data to the process directly, but the process may be able to recover the accessed data via a side channel.

In the case of digital computation, a side channel vulnerability can exist when execution of a program modifies externally visible state outside of explicit inputs and outputs to the program. Such side channels can be categorized by the resource(s) used to construct the channel.

For example, a timing side channel attack is an attack in which a secret or password can be inferred based on the execution time of the application. Another side channel attack may use the branch predictor side channel. The CPU’s branch predictor holds information about observed branch behavior and thus may reveal control flow within an enclave.
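The timing side channel described above, shown as an added example that is not part of the original article: a byte comparison that exits at the first mismatch next to a hardened form whose work does not depend on the data. The secret, the inputs and all function names are constructed for illustration, and the step counter is a deterministic stand-in for measured execution time.

```c
#include <stddef.h>
#include <stdio.h>

#define N 16
/* Constructed sample secret, not a real credential. */
static const unsigned char SECRET[] = "S3CRET-TOKEN-001";

/* Leaky: stops at the first mismatching byte. *steps counts the bytes
   examined, a deterministic stand-in for measured execution time. */
int leaky_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i]) return 0;   /* early exit leaks the matching prefix length */
    }
    return 1;
}

/* Hardened: always examines all n bytes and folds differences with OR,
   so the amount of work does not depend on where the inputs differ. */
int ct_equal(const unsigned char *a, const unsigned char *b, size_t n, size_t *steps) {
    unsigned char diff = 0;
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* Helpers: work performed when comparing a candidate against SECRET. */
size_t leaky_steps(const char *g) { size_t s; leaky_equal(SECRET, (const unsigned char *)g, N, &s); return s; }
size_t ct_steps(const char *g)    { size_t s; ct_equal(SECRET, (const unsigned char *)g, N, &s); return s; }

int main(void) {
    /* Constructed inputs sharing 0, 3, 15 and 16 leading bytes with SECRET. */
    const char *inputs[] = { "XXXXXXXXXXXXXXXX", "S3CXXXXXXXXXXXXX",
                             "S3CRET-TOKEN-00X", "S3CRET-TOKEN-001" };
    for (int i = 0; i < 4; i++)
        printf("%s  leaky=%2zu  constant=%2zu\n", inputs[i],
               leaky_steps(inputs[i]), ct_steps(inputs[i]));
    return 0;
}
```

In the leaky version the work grows with the number of correct leading bytes, which is exactly the variation a timing observer measures; the hardened version performs the same work for every input of the same length.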

One approach organizations can consider for protection against side channel attacks is combining runtime encryption of data in use with Intel SGX to deliver secure computation on data in an untrusted environment, without exposing the data to the untrusted environment. SGX enables applications to run in a protected execution environment called a secure enclave. No other software component, not even those running with higher privilege levels, can access the enclave memory.

The software trust boundary of an enclave is exactly the boundary of the enclave. Other software on the host and system administrators with access to the host are outside the trust boundary.

By keeping data encrypted outside enclaves, runtime encryption vastly reduces the scope of attacks since any attack that accesses data outside an enclave will get only encrypted data, which is unreadable without proper decryption keys. Even with a compromised system, hackers will not have access to sensitive data.

With the addition of runtime encryption, all cryptographic algorithms are hardened against side channel attacks. Various protection strategies are used for different algorithms, and when needed, non-cryptographic algorithms are also protected against side channel attacks. Runtime encryption solutions ensure that data remains protected even when in use, and that if ever exposed, the data can’t be used because it remains encrypted. In addition, runtime encryption ensures that cryptographic primitives internal to the library are protected.

Side channel attacks are a very real concern in any digital system that operates on sensitive data. As with many aspects of digital security, new attacks are continually under development, and systems must be constantly updated to remain secure. SGX offers the power to run most x86 applications in a secure enclave to protect applications’ data against unauthorized memory reads.

To ensure that enclaves are secure in practice, great care is needed to avoid leaking secrets through side channels. Runtime encryption can be used to bring various defenses, leveraging expertise in hardware-based security and cryptography, to protect against side channel attacks.